Epalith

Privacy Policy

Last updated: May 1, 2026

1. What We Collect

When you use Epalith, we collect:

• Account data: Email address, authentication tokens
• Pipeline data: Task descriptions, code outputs, execution traces, artifact files
• Usage data: Pages visited, features used, pipeline run counts
• Payment data: Handled entirely by Stripe — we never store card numbers

2. How We Use It

We use your data to:

• Execute pipeline runs and return results to you
• Authenticate your account and maintain sessions
• Send transactional emails (magic links, run completions)
• Improve the pipeline engine using anonymized execution patterns
• Comply with legal obligations

3. Pipeline Content

The code, prompts, and artifacts from your pipeline runs are stored to give you access to run history, traces, and diffs. We do not use your specific code outputs to train AI models without your explicit consent.

4. Data Sharing

We do not sell your data. We share data only with:

• Infrastructure providers: Render (hosting), Neon (database), Cloudflare (storage) — under data processing agreements
• AI providers: OpenAI/Anthropic — your task content is sent to execute pipeline phases. Their privacy policies apply to what they receive.
• Payment processor: Stripe — for billing and subscription management

5. Data Retention

Pipeline run data is retained for 90 days after a run is deleted or your account is closed. Account data is retained for 30 days after account deletion to process any outstanding issues, then permanently deleted.

6. Your Rights

You may:

• Request a copy of your data
• Delete your account and associated pipeline runs
• Request correction of inaccurate data
• Object to processing of your data for analytics

Contact us at the address below to exercise these rights.

7. Security

All data in transit is encrypted via TLS. Database credentials and API tokens are encrypted at rest using AES-256. We enforce strict access controls and conduct regular security reviews.

8. Cookies

We use session cookies for authentication. No third-party advertising cookies. Analytics use a privacy-first provider (no cross-site tracking).

9. Changes to This Policy

We'll notify you by email before material changes take effect. Continued use after the effective date constitutes acceptance.